[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Desktop install for RH

From: Alan Shutko <ats acm org>
To: redhat-list redhat com
Subject: Re: Desktop install for RH
Date: 12 May 1999 09:49:12 -0500

"Thomas Ribbrock \(Design/DEG\)" <argathin gmx net> writes:

> The only way I can see that to be acceptable (from a security point of view)
> is if this is done for user accounts *only* (definitely *not* for root) and
> only if "." is the *very last* entry in $PATH. Some people might still think
> this insecure, though.

Right, because someone could put a script in the current directory
called "sl" (or some other common misspelling) and gain access to a
victim's account.  If there's no need for security other than for
root, why have separate user accounts at all?

-- 
Alan Shutko <ats acm org> - Looking for a job in Long Island!
Check http://rescomp.wustl.edu/~ats/ for a resume.
Metermaids eat their young.

References:
- Desktop install for RH
  - From: Madel, Kurt
- Re: Desktop install for RH
  - From: Thomas Ribbrock (Design/DEG)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]